Recently, a new economic paradigm called electronic commerce has been created based on development of information communication technology and based on the Internet, the worldwide computer network. New company/business culture such as cyber business, cyber market, and cyber trade has been created and is no longer being restricted by time and location, creating an environment ready for realizing electronic business.
These days, the technical reason why the electronic commerce has attracted public attention is as follows:
The advent of the web (World Wide Web) and browsers means that computer network technology and information communication technology are being developed. It is possible to imitate various activities of actual life according to development of the computer network and information communication technology.
On the economical side, the cost of commerce is reduced and it is easy to develop a new market when industries are changing to electronic commerce.
The Internet is connected worldwide and is used by thousands of users, so the Internet is regarded a main stage of electronic commerce. Most electronic commercial transaction system are connected to a client terminal, an authentication agency, a payment system, and a store system, and can execute electronic commerce based on the Internet.
Electronic commerce is constructed using cryptographic protocol prescribed between the client terminal, the store system, and the payment system based on any other authentication means or an electronic certificate issued by the authentication agency through a previous authentication process for safe electronic commerce. The authentication agency issues, changes, and cancels the electronic certificate for confirming and proving a person concerned with the business, and authenticates a public key which the person will use. The client terminal mounts a web browser, and executes the payment by selecting one of the payment means, such as a credit card, a debit card, a transfer account, electronic money, etc. The payment system treats information of payment demanded by a store system and is called a payment broker or a payment gateway according to the payment means and type of treatment. The store system is a shopping mall where visible and invisible goods are sold to customers electronically. The store system executes an actual commercial transaction such as sales management, customer management, shop management, etc. based on a goods information database.
Phishing is a new Internet crime behavior using a junk mail, and in particular is a crime related to extracting and using the individual information of a receiver by using a mail which dose not inform of the sender's identity. One type of the Phishing involves transmitting an e-mail under the assumed name of a financial agency over the Internet and requesting an original account, a password, or other private information on the pretext of problem with a credit card or an account. Another type of the Phishing requests the private information, a telephone number, or credit card information on the pretext that a gift will be provided through an event, a research, etc.
The word Phishing comes from fishing, and Phishing and fishing are similarly pronounced. Phishing is an expression suggestive of catching a user with junk mail in an ocean of information, the Internet. Phishing can involves making a special spurious site and cheating the user out of financial information such as credit card numbers by requiring log-in or payment with a credit card. The individual information includes various IDs (Identifications) and passwords, so the financial fraud and the damage caused thereby are generated by obtaining the payment information such as credit card information.
The damage caused by phishing can be generated in wireless Internet. In particular, a non-special site can disguise itself as a special site to the users according to the opening of the network and transmits a call back URL (Uniform Resource Locators) message to the mobile terminal of the user, wherein a non-special site means a site which does not authenticate by mobile communication company. Financial fraud like phishing can be generated when the non-special site requests the payment information. Anyone can easily access to the wireless network using the call back URL according to the opening of the wireless network, but the user can not determine whether the server is a trustworthy server when the user accesses to the wireless network, so hacking by phishing can be executes easily.
It is difficult for the user of the mobile terminal to determine whether to trust the site because the URL of the wireless site visited by the user does not appear on a display of the mobile terminal as it does in a browser of a computer. The information provided is restricted in a mark-up page (WML, cHTML, etc.) which is implemented by a wireless Internet portal compared with a mark-up page (HTML) which is implemented by a wire Internet portal by limitation of the data transmit speed in the mobile terminal and the wireless Internet. Therefore, there is a high possibility that the individual information and private payment information can be extracted from the mobile terminal by disguising as a special site.